How would an HttpModule for Custom Authentication interact with Windows Authentication?

匆匆过客 提交于 2020-01-02 03:50:08

问题


I am trying to create a custom HttpModule which controls which users can view a site.

I am trying to leverage Windows Authentication to do this.

On an individual page, I would probably do something like this:

if (HttpContext.Current.User.Identity.Name.Contains("jsmith"))
{
    Response.Write("You do not have the correct permissions to view this site.");
    Response.End();
}

But because I want to make this more configurable at the application level, I would like to use an HttpModule.

Here is the start that I have made on the code:

using System;
using System.Web;

public class CustomAuthHttpModule : IHttpModule
{
    public void Dispose() { }

    public void Init(HttpApplication context)
    {
        context.BeginRequest += new EventHandler(OnBeginRequest);
        context.EndRequest += new EventHandler(OnEndRequest);
    }

    void OnBeginRequest(object sender, EventArgs e) { }

    void OnEndRequest(object sender, EventArgs e)
    {
        HttpApplication appObject = (HttpApplication)sender;
        HttpContext contextObject = appObject.Context;

        if (contextObject.User.Identity.Name.Contains("jsmith"))
        {
            contextObject.Response.Clear();
            contextObject.Response.End();
        }
    }
}

I would be fine with using the code I have, if I could put it in the OnBeginRequest() function. But the User property is not created in the HttpContext object until OnEndRequest() runs.

Running the code earlier would prevent the application from doing the extra work of producing this output, since some users are just going to be blocked from access in the end.

Can someone suggest a solution to this - is this happening because my module is running before the Windows Auth module, or what?

... or, maybe there is an easier way to do what I am trying to do with IIS or file system permissions?


回答1:


You want the AuthenticateRequest event.

AuthenticateRequest event




回答2:


Have you tried to implement the method in the global.aspx? OnSessionStart? Besides I would use hasRole or some other group-Property instead of contains and username.




回答3:


Why write an http module for this. If this is asp.net web forms then why not simply use built in stuff like LoginView http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.loginview.aspx



来源:https://stackoverflow.com/questions/4401088/how-would-an-httpmodule-for-custom-authentication-interact-with-windows-authenti

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!